Sprinto DashboardAPI Reference

Assess Vendor Risk and Due Diligence

Discover how to assess vendor risk and complete due diligence using Sprinto’s scoring model and AI-powered analysis.

Sprinto enables you to assess each vendor’s risk profile through configurable risk scoring and guided due diligence workflows. These tools help you determine whether a vendor poses a compliance threat and ensure that appropriate controls are in place.

You can score vendor risk, perform due diligence manually or with Sprinto AI, and maintain audit-ready documentation for all high-risk vendors.

1. Score Vendor Risk

Each vendor is automatically assigned a risk score based on Sprinto’s predefined risk factors. You can customise this scoring logic under the Configuration tab.

Risk scoring factors include:

  • Type of data shared (e.g., cardholder data, credentials, customer PII)

  • Access to company systems (e.g., databases, production environments)

  • Operational impact (e.g., business-critical, internal tools)

Steps to score risk:

  1. Go to All vendors and click a vendor name.

  2. Open the Risk score tab.

  1. For each risk factor, click Add value or Edit.

  2. Select appropriate responses from the dropdown.

  3. Click Add risk factor values after completing all required fields.

  4. Choose to:

    • Use Sprinto’s auto-computed risk level, or

    • Override and define your own risk level

Vendors without a completed risk score appear under the "Unscored" status filter.

2. Perform Due Diligence

Due diligence is mandatory for vendors classified as High risk. Sprinto supports manual method.

Steps:

  1. Navigate to the vendor profile and open the Due diligence tab.

  2. Click perform due diligence.

  1. Upload relevant security documents (for example, SOC 2 reports, ISO certificates and so on).

  2. Add notes and findings.

  3. Under the Review vendor documents and complete due diligence section, you can select eother:

    1. Vendor meets necessary security requirements.

    2. Manually review vendor documents and add notes.

  4. If you select the second option, you will need to add additional notes for your manual review.

  5. Click Complete due diligence to finish the process.

You can resume an incomplete due diligence session at any time.

3. Upload or Request Security Documents

You can upload security documents manually or request them directly from the vendor.

To upload manually:

  1. Go to the Documents & links tab in the vendor profile.

  2. Click Add docs/links.

  1. Choose a document/link type.

  2. Select the check box you wish to add:

    • Attach a file

    • Add a URL

  3. Click Add another document/link if you wish to add additional documents/links.

  4. Click Save.

To request from a vendor:

  1. Click Request docs from vendo in the same tab.

  1. Select the check boxes for the documents to you want to request.

  2. Enter the vendor’s email address.

  3. Enter the recipient's email address.

  4. Select required document types.

  5. You can also add a subject, header and a message to the vendor.

  6. Click Preview & send request.

Vendors receive a secure link to upload their files.

PreviousManage Vendors and ProfilesNextSend and Review Security Questionnaires

Last updated